inspire-group / modelpoisoning
Code for "Analyzing Federated Learning through an Adversarial Lens" https://arxiv.org/abs/1811.12470
The source code contains cifar_10_model, but I cannot find the definition, so I made a minor change to the source code and did some experiments on the cifar10 dataset.
However, the result shows that the malicious agent succeeded in 40 of 40 iterations with high confidence in both the converge and dist strategies. Is that normal?
I did not find the code for accuracy check as mentioned in this paper. Is the 'accuracy check' included in the source code? In other words, will the central server check the accuracy of model updates from different participants before aggregating them?
Further, would you please give the parameters (or a running command) to reproduce the results in the paper on attacking 'krum' and 'coomed' aggregation rule?
I found an error about multiprocessing in my environment, so I changed the Process to a single thread, but I can't get weight distribution results similar to those in your paper. My questions are:
I ran the source code and still met many small errors. These errors are summarized below:
It seems that cifar_utils is missing, giving the following error when trying to train the model with the command written in readme
  File "code/ModelPoisoning/agents.py", line 11, in <module>
    from cifar_utils import cifar_10_model
ImportError: No module named cifar_utils
Hi Arjun, I have reproduced the experiment of the alternating minimization attack following the command in README:
python dist_train_w_attack.py --dataset=fMNIST --k=10 --C=1.0 --E=5 --T=40 --train --model_num=0 --mal --mal_obj=single --mal_strat=converge_train_alternate_wt_o_dist_self --rho=1e-4 --gar=avg --ls=10 --mal_E=10
However, the result shows that "Malicious agent succeeded in 0 of 6 iterations". After checking the source code, I find that during the 6 iterations the global model correctly predicted the malicious data with the label "5". The output file for predicting the malicious data is as follows:
t,target,target_conf,actual,actual_conf
1,7,0.18352902,5,0.5428532
2,7,0.13259208,5,0.849949
3,7,0.04781367,5,0.9503012
4,7,0.09260346,5,0.9071523
5,7,0.48864973,5,0.51109886
6,7,0.48037982,5,0.5195737
The results are not consistent with the figures in the paper, which show the global model misclassifying the malicious data with confidence nearly 1 after 3 iterations. So did I miss something? Why does it happen? Thanks.
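An added example, not part of the original post or the repository's code: a small checker for the prediction log quoted above, which counts the rounds where the global model outputs the target class and reports how close the nearest round came to flipping. It assumes the `actual` column is the class the global model predicts in round `t`; the function name `summarize` is hypothetical.

```python
import csv
import io

# Prediction log copied from the post above (same columns as the output file).
LOG = """t,target,target_conf,actual,actual_conf
1,7,0.18352902,5,0.5428532
2,7,0.13259208,5,0.849949
3,7,0.04781367,5,0.9503012
4,7,0.09260346,5,0.9071523
5,7,0.48864973,5,0.51109886
6,7,0.48037982,5,0.5195737
"""


def summarize(log_text):
    """Return (successes, rounds, closest_round, closest_margin).

    Assumption: 'actual' is the label predicted by the global model, so a
    round is a targeted-misclassification success when actual == target.
    margin = actual_conf - target_conf for the other rounds; a small margin
    means the prediction was close to flipping to the target class.
    """
    rows = list(csv.DictReader(io.StringIO(log_text)))
    successes = 0
    closest_round, closest_margin = None, float("inf")
    for row in rows:
        if row["actual"] == row["target"]:
            successes += 1
            continue
        margin = float(row["actual_conf"]) - float(row["target_conf"])
        if margin < closest_margin:
            closest_round, closest_margin = int(row["t"]), margin
    return successes, len(rows), closest_round, closest_margin


if __name__ == "__main__":
    ok, total, rnd, margin = summarize(LOG)
    print(f"target class predicted in {ok} of {total} rounds")
    print(f"closest round: t={rnd}, margin={margin:.4f}")
```
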
Hi, I am trying to understand your code. But there is a problem that bothers me, why the default value of 'arg.mal' is True?
In my opinion, if this value is True, then the attack will be carried out. However, in your README, you wrote that 'To run federated training with 10 agents and standard averaging based aggregation, use
python dist_train_w_attack.py --dataset=fMNIST --k=10 --C=1.0 --E=5 --T=40 --train --model_num=0 --gar=avg'
So this code allows malicious clients to participate in training? Or just forgot to add --mal = False?
This question has been puzzling me for a long time, and I am looking forward to getting your reply soon.
All the best!
Hello, Arjun.
When I ran the program according to README.md, there was an error that I cannot solve.
Traceback (most recent call last):
  File "M:/Projects/Local model poison/ModelPoisoning/dist_train_w_attack.py", line 11, in <module>
    from utils.io_utils import data_setup, mal_data_setup
  File "M:\Projects\Local model poison\ModelPoisoning\utils\io_utils.py", line 9, in <module>
    from mnist import data_mnist
ImportError: cannot import name 'data_mnist'
Is the package mnist or python-mnist necessary? How can I solve this error?
Hello,
Just out of curiosity, I wanted to know why were none of the federated learning libraries used in this code?
Thanks
Harshita